Problem: medium shiftleft scan findings (fix crypto-org-chain#127)

fix lint issue use closure for file.close fix manual file validity check
leejw51crypto · Oct 22, 2020 · 02e11f6 · 02e11f6
1 parent 59b2dad
commit 02e11f6
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 6 deletions.
diff --git a/cmd/chain-maind/app/app.go b/cmd/chain-maind/app/app.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"io"
 	"os"
+	"path/filepath"
 
 	"github.com/cosmos/cosmos-sdk/codec"
 	"github.com/crypto-com/chain-main/app/params"
@@ -142,11 +143,20 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 		config.SetRoot(clientCtx.HomeDir)
 		path := config.GenesisFile()
 
-		file, err := os.OpenFile(path, os.O_RDWR, 0644)
+		cleanedPath := filepath.Clean(path)
+		// nolint: gosec
+		file, err := os.OpenFile(cleanedPath, os.O_RDWR, 0600)
 		if err != nil {
 			return err
 		}
-		defer file.Close()
+
+		defer func() {
+			cerr := file.Close()
+			if err == nil {
+				err = cerr
+			}
+		}()
+
 		var genesis map[string]interface{}
 		if err := json.NewDecoder(file).Decode(&genesis); err != nil {
 			return err
@@ -161,6 +171,7 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 		if _, err := file.Seek(0, 0); err != nil {
 			return err
 		}
+
 		return json.NewEncoder(file).Encode(&genesis)
 	}
 

diff --git a/x/chainmain/client/cli/testnet.go b/x/chainmain/client/cli/testnet.go
@@ -527,7 +527,7 @@ func writeFile(name string, dir string, contents []byte) error {
 		return err
 	}
 
-	err = tmos.WriteFile(file, contents, 0644)
+	err = tmos.WriteFile(file, contents, 0600)
 	if err != nil {
 		return err
 	}

diff --git a/x/genutil/client/cli/gentx.go b/x/genutil/client/cli/gentx.go
@@ -245,18 +245,26 @@ func readUnsignedGenTxFile(clientCtx client.Context, r io.Reader) (sdk.Tx, error
 }
 
 func writeSignedGenTx(clientCtx client.Context, outputDocument string, tx sdk.Tx) error {
-	outputFile, err := os.OpenFile(outputDocument, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0644)
+	cleanedPath := filepath.Clean(outputDocument)
+	// nolint: gosec
+	outputFile, err := os.OpenFile(cleanedPath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
+
 	if err != nil {
 		return err
 	}
-	defer outputFile.Close()
+
+	defer func() {
+		cerr := outputFile.Close()
+		if err == nil {
+			err = cerr
+		}
+	}()
 
 	json, err := clientCtx.TxConfig.TxJSONEncoder()(tx)
 	if err != nil {
 		return err
 	}
 
 	_, err = fmt.Fprintf(outputFile, "%s\n", json)
-
 	return err
 }